Ask HN: Should I associate session data with an access token?
Trying to figure out a best practice here. My REST API is working well, but there is one small piece of data (other than the authenticated user) that I need to just persist for the life of a client session. I figured since the client is passing an auth header with every request anyway, it would be a good idea to associate this information with the respective auth token. Are there any design considerations I should contemplate before implementing this?
1 comment
[ 3.2 ms ] story [ 14.9 ms ] thread